openoffice-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marcus <marcus.m...@wtnet.de>
Subject Re: [TESTING] Applying openoffice-4.1.2-patch1 for Windows
Date Fri, 05 Aug 2016 17:48:19 GMT
Am 08/05/2016 12:30 PM, schrieb Carl Marcum:
> On 08/04/2016 06:52 PM, Marcus wrote:
>> Am 08/05/2016 12:26 AM, schrieb Kay Schenk:
>>> On 08/04/2016 02:21 PM, Marcus wrote:
>>>> Am 08/03/2016 05:31 AM, schrieb Dennis E. Hamilton:
>>>>> Testing of an Apache OpenOffice 4.1.2-patch1 procedure is requested.
>>>>>
>>>>> The files to be used in testing are at
>>>>> <https://dist.apache.org/repos/dist/dev/openoffice/4.1.2-patch1/binaries/Windows>.
>>>>>
>>>>>
>>>>>
>>>
>>> hmmm...well no zips for Mac, Linux32, or Linux 64 -- yet.
>>>
>>> Should we get started on these?
>>
>> it depends what we want that they should contain. The ZIP file for
>> Windows contains a LICENSE and NOTICE file as well as an ASC file for
>> the DLL. As it is only a patch IMHO we don't need to provide another
>> LICENSE and NOTICE file which is already available in the OpenOffice
>> installation. Also the ASC is not necessary as we provide it already
>> (together with MD5 and SHA256) for the whole ZIP file.
>>
>> That means that only the README and library file remains.
>>
>> When the README for Windows keep its length then I don't want to copy
>> this on the dowload webpage. ;-)
>>
>> So, when we put the README for all platforms in their ZIP files then
>> we can just put a pointer to it on the download webpage and thats it.
>>
>> To cut a long story short:
>> I would say yes for a ZIP file for every platform.
>>
>>>>> * apache-openoffice-4.1.2-patch1-apply-Win_x86.zip.asc
>>>>
>>>> I don't know if this is OK or still bad:
>>>>
>>>> gpg --verify apache-openoffice-4.1.2-patch1-apply-Win_x86.zip.asc
>>>> apache-openoffice-4.1.2-patch1-apply-Win_x86.zip
>>>> gpg: Signature made Tue 02 Aug 2016 06:24:08 AM CEST using RSA key ID
>>>> D456628A
>>>> gpg: Good signature from "keybase.io/orcmid (confirmed identifier)
>>>> <orcmid@keybase.io>"
>>>> gpg: aka "orcmid (Dennis E. Hamilton)<orcmid@msn.com>"
>>>> gpg: aka "orcmid Apache (code signing)<orcmid@apache.org>"
>>>> gpg: aka "Dennis E. Hamilton (orcmid)
>>>> <dennis.hamilton@acm.org>"
>>>> gpg: WARNING: This key is not certified with a trusted signature!
>>>> gpg: There is no indication that the signature belongs to the
>>>> owner.
>>>
>>> I get this on sig checks also. There's probably a step we're missing to
>>> specify "trust" locally.
>>>
>>> See:
>>> http://www.apache.org/dev/release-signing.html
>>
>
> signing Dennis' key locally worked for me.
> On Linux I use:
> gpg --default-key 9553BF9A --sign-key D456628A
>
> If the key you want to sign it with is already the default key you can
> omit the "--default-key 9553BF9A" part.
> Sometimes you may have to prefix the ID's with "0x" to denote hex.
>
> If you trust this is Dennis' key you can send his key back with your sig
> now attached and it will have more trust.
> gpg --send-key 0xD456628A
>
> If a few people do it the warning should go away. Web-of-trust :)

thanks a lot for these details. :-)

Marcus


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org


Mime
View raw message